1
From 96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c Mon Sep 17 00:00:00 2001
2
From: Jouni Malinen <j@w1.fi>
3
Date: Sat, 4 Feb 2012 12:32:35 +0200
4
Subject: [PATCH] Use PMKSA cache entries with only a single network context
6
When looking for PMKSA cache entries to use with a new association, only
7
accept entries created with the same network block that was used to
8
create the cache entry.
10
Signed-hostap: Jouni Malinen <j@w1.fi>
12
src/rsn_supp/pmksa_cache.c | 33 ++++++++++++++++++++++++---------
13
src/rsn_supp/pmksa_cache.h | 5 +++--
14
src/rsn_supp/preauth.c | 6 +++---
15
src/rsn_supp/wpa.c | 8 +++++---
16
wpa_supplicant/wpa_supplicant.c | 2 ++
17
5 files changed, 37 insertions(+), 17 deletions(-)
19
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
20
index 3877efb..8060389 100644
21
--- a/src/rsn_supp/pmksa_cache.c
22
+++ b/src/rsn_supp/pmksa_cache.c
23
@@ -99,7 +99,7 @@ static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
24
eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
26
entry = pmksa->sm->cur_pmksa ? pmksa->sm->cur_pmksa :
27
- pmksa_cache_get(pmksa, pmksa->sm->bssid, NULL);
28
+ pmksa_cache_get(pmksa, pmksa->sm->bssid, NULL, NULL);
30
sec = pmksa->pmksa->reauth_time - now.sec;
32
@@ -228,8 +228,8 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
36
- wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
37
- MAC2STR(entry->aa));
38
+ wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR
39
+ " network_ctx=%p", MAC2STR(entry->aa), network_ctx);
40
wpa_sm_add_pmkid(pmksa->sm, entry->aa, entry->pmkid);
43
@@ -297,16 +297,19 @@ void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
44
* @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
45
* @aa: Authenticator address or %NULL to match any
46
* @pmkid: PMKID or %NULL to match any
47
+ * @network_ctx: Network context or %NULL to match any
48
* Returns: Pointer to PMKSA cache entry or %NULL if no match was found
50
struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
51
- const u8 *aa, const u8 *pmkid)
52
+ const u8 *aa, const u8 *pmkid,
53
+ const void *network_ctx)
55
struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
57
if ((aa == NULL || os_memcmp(entry->aa, aa, ETH_ALEN) == 0) &&
59
- os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
60
+ os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0) &&
61
+ (network_ctx == NULL || network_ctx == entry->network_ctx))
65
@@ -410,20 +413,32 @@ int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
66
int try_opportunistic)
68
struct rsn_pmksa_cache *pmksa = sm->pmksa;
69
+ wpa_printf(MSG_DEBUG, "RSN: PMKSA cache search - network_ctx=%p "
70
+ "try_opportunistic=%d", network_ctx, try_opportunistic);
72
+ wpa_hexdump(MSG_DEBUG, "RSN: Search for PMKID",
75
+ wpa_printf(MSG_DEBUG, "RSN: Search for BSSID " MACSTR,
80
- sm->cur_pmksa = pmksa_cache_get(pmksa, NULL, pmkid);
81
+ sm->cur_pmksa = pmksa_cache_get(pmksa, NULL, pmkid,
83
if (sm->cur_pmksa == NULL && bssid)
84
- sm->cur_pmksa = pmksa_cache_get(pmksa, bssid, NULL);
85
+ sm->cur_pmksa = pmksa_cache_get(pmksa, bssid, NULL,
87
if (sm->cur_pmksa == NULL && try_opportunistic && bssid)
88
sm->cur_pmksa = pmksa_cache_get_opportunistic(pmksa,
92
- wpa_hexdump(MSG_DEBUG, "RSN: PMKID",
93
+ wpa_hexdump(MSG_DEBUG, "RSN: PMKSA cache entry found - PMKID",
94
sm->cur_pmksa->pmkid, PMKID_LEN);
97
+ wpa_printf(MSG_DEBUG, "RSN: No PMKSA cache entry found");
101
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
102
index 840827d..e48d596 100644
103
--- a/src/rsn_supp/pmksa_cache.h
104
+++ b/src/rsn_supp/pmksa_cache.h
105
@@ -52,7 +52,8 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
106
void *ctx, struct wpa_sm *sm);
107
void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
108
struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
109
- const u8 *aa, const u8 *pmkid);
110
+ const u8 *aa, const u8 *pmkid,
111
+ const void *network_ctx);
112
int pmksa_cache_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len);
113
struct rsn_pmksa_cache_entry *
114
pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
115
diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c
116
index fefca83..7812331 100644
117
--- a/src/rsn_supp/preauth.c
118
+++ b/src/rsn_supp/preauth.c
119
@@ -311,7 +311,7 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
120
dl_list_for_each_safe(candidate, n, &sm->pmksa_candidates,
121
struct rsn_pmksa_candidate, list) {
122
struct rsn_pmksa_cache_entry *p = NULL;
123
- p = pmksa_cache_get(sm->pmksa, candidate->bssid, NULL);
124
+ p = pmksa_cache_get(sm->pmksa, candidate->bssid, NULL, NULL);
125
if (os_memcmp(sm->bssid, candidate->bssid, ETH_ALEN) != 0 &&
126
(p == NULL || p->opportunistic)) {
127
wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA "
128
@@ -458,7 +458,7 @@ void rsn_preauth_scan_result(struct wpa_sm *sm, const u8 *bssid,
129
if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie))
132
- pmksa = pmksa_cache_get(sm->pmksa, bssid, NULL);
133
+ pmksa = pmksa_cache_get(sm->pmksa, bssid, NULL, NULL);
134
if (pmksa && (!pmksa->opportunistic ||
135
!(ie.capabilities & WPA_CAPABILITY_PREAUTH)))
137
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
138
index f35f9ee..225489e 100644
139
--- a/src/rsn_supp/wpa.c
140
+++ b/src/rsn_supp/wpa.c
141
@@ -151,7 +151,8 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
142
* not have enough time to get the association information
143
* event before receiving this 1/4 message, so try to find a
144
* matching PMKSA cache entry here. */
145
- sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid);
146
+ sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
149
wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from "
151
@@ -205,7 +206,8 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
152
sm->network_ctx, sm->key_mgmt);
154
if (!sm->cur_pmksa && pmkid &&
155
- pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
156
+ pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
158
wpa_printf(MSG_DEBUG, "RSN: the new PMK "
159
"matches with the PMKID");
161
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
162
index 9acc89a..62545e2 100644
163
--- a/wpa_supplicant/wpa_supplicant.c
164
+++ b/wpa_supplicant/wpa_supplicant.c
165
@@ -1698,6 +1698,8 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
167
other_ssid = other_ssid->next;
170
+ wpa_s->current_ssid = ssid;
171
wpa_s->disconnected = 0;
172
wpa_s->reassociate = 1;
173
wpa_supplicant_req_scan(wpa_s, 0, 0);